[wp-trac] [WordPress Trac] #35715: edit_user() doesn't check for empty password (pass1).
WordPress Trac
noreply at wordpress.org
Tue Mar 1 10:56:51 UTC 2016
#35715: edit_user() doesn't check for empty password (pass1).
-------------------------------------------------+-------------------------
Reporter: gitlost | Owner:
Type: defect (bug) | SergeyBiryukov
Priority: normal | Status: reviewing
Component: Users | Milestone: 4.5
Severity: normal | Version: 4.4
Keywords: needs-testing good-first-bug has- | Resolution:
patch | Focuses:
-------------------------------------------------+-------------------------
Comment (by gitlost):
Good point, and there's a load of other `empty()` tests in there that have
the same issue. Not sure what the correct thing to do is - I suppose
change the `pass1` check to do the right thing? (The others could then be
fixed in a separate ticket - along with `user_login`, which does do an
exact match but fails to do a `! isset()` first, leading to a PHP
warning.)
Re coding style there should be a
[https://make.wordpress.org/core/handbook/best-practices/coding-
standards/php/#space-usage space] before the `$update`, and after opening
and before closing round brackets in the errors add bit...
--
Ticket URL: <https://core.trac.wordpress.org/ticket/35715#comment:7>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list